[$] Shadow-stack control in clone3()

Shadow stacks are a control-flow-integrity feature designed to defend
against exploits that manipulate a thread's call stack. The kernel first
gained support for hardware-implemented shadow stacks, for the x86
architecture, in the 6.6 release; 64-bit Arm support followed in 6.13.
This feature does not give user space much control over the allocation of
shadow stacks for new threads, though; a patch series from Mark Brown may,
after many attempts, finally be about to change that situation.

https://lwn.net/Articles/1034442/
